Lightweight directory access protocol (LDAP) join search mechanism
Abstract
Complex search tasks are performed relative to an LDAP directory with a minimal quantity of LDAP search operations. Search tasks that follow relationships between LDAP entries can be performed, even under circumstances in which those relationships are not represented by the hierarchical structure of the LDAP directory. A client application can specify an LDAP control that the client application sends to the LDAP server along with the LDAP search operation. The LDAP server's receipt of the LDAP control can cause the LDAP server to modify the behavior of the search operation so that the LDAP server follows potentially non-hierarchical specified relationships between the LDAP entries in determining the set of entries to return as results of the search operation. As a result, the LDAP server can return a complete set of related result entries to the client application in response to a single LDAP search operation directed by the application.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A computer-readable memory storing a plurality of instructions for causing a processor to perform operations, the plurality of instructions comprising:
instructions that cause the processor to receive a request to execute a lightweight directory access protocol (LDAP) search operation and a LDAP request control, wherein the LDAP request control identifies an attribute associated with an entry of an LDAP directory;
instructions that cause the processor to, in response to receiving the LDAP request control, modify execution of the LDAP search operation to locate one or more entries in one or more LDAP directories, wherein the execution is modified to follow references based on the attribute, and wherein the modified execution of the LDAP search operation includes;
based on identifying a first entry of a first LDAP directory responsive to the LDAP search operation, determining that the identified first entry includes a first attribute that matches the attribute identified by the LDAP request control, wherein the first attribute identifies a second entry of a second LDAP directory; and
identifying that the second entry has a second attribute, the second attribute matching the attribute indicated by the LDAP request control, and wherein the second attribute identifies a third entry of a third LDAP directory; and
instructions that cause the processor to send a search result for the LDAP search operation, wherein the search result includes first data retrieved from the identified first entry, second data retrieved from the identified second entry, and third data retrieved from the identified third entry.
2. The computer-readable memory of claim 1 , wherein the LDAP search operation includes one or more search criteria, and wherein the modified execution of the LDAP search operation further includes:
determining that the identified first entry satisfies the one or more search criteria; and
determining that the second entry satisfies the one or more search criteria.
3. The computer-readable memory of claim 1 , wherein the LDAP search operation includes a search scope, and wherein the modified execution of the LDAP search operation further includes:
determining that the identified first entry falls within the search scope; and
determining that the second entry falls within the search scope.
4. The computer-readable memory of claim 1 , wherein the LDAP search operation further includes a search scope, and wherein the modified execution of the LDAP search operation further includes determining that the third entry falls within the search scope.
5. The computer-readable memory of claim 1 , wherein the modified execution of the LDAP search operation further includes determining, for each entry that falls within a search scope, a set of distinguished names that are associated with one or more values of the attribute.
6. The computer-readable memory of claim 1 , wherein the modified execution of the LDAP search operation further includes:
determining, for each entry that falls within a search scope, a set of distinguished names that are associated with one or more values of the attribute, wherein the LDAP search operation includes the search scope; and
determining, for each entry that is uniquely identified by a distinguished name in the set of distinguished names, whether the entry satisfies one or more search criteria, wherein the LDAP search operation further includes the one or more search criteria;
wherein the one or more values of the attribute identify relationships between entries, and wherein the entries are not included in a structure of a hierarchy of the one or more LDAP directories.
7. The computer-readable memory of claim 1 , wherein the first LDAP directory is the second LDAP directory, and wherein the second LDAP directory is the third LDAP directory.
8. A system for processing lightweight directory access protocol (LDAP) operations, the system comprising:
a memory storing a plurality of instructions; and
a processor coupled to the memory, the processor configured to execute the plurality of instructions to:
receive a request to execute a lightweight directory access protocol (LDAP) search operation and a LDAP request control, wherein the LDAP request control identifies an attribute associated with an entry of an LDAP directory;
in response to receiving the LDAP request control, execute, using the LDAP request control, the LDAP search operation to locate one or more entries in one or more LDAP directories, wherein executing the LDAP search operation includes:
responsive to the LDAP search operation, identifying a first entry of a first LDAP directory;
determining that the identified first entry includes a first attribute that matches the attribute identified by the LDAP request control, wherein the first attribute identifies a second entry of a second LDAP directory; and
identifying that the second entry has a second attribute, wherein the second attribute matches the attribute indicated by the LDAP request control, and wherein the second attribute identifies a third entry of a third LDAP directory; and
send a search result for execution of the LDAP search operation, wherein the search result includes data retrieved from the identified first entry, the identified second entry, and the identified third entry.
9. The system of claim 8 , wherein the LDAP search operation includes one or more search criteria, and wherein executing the LDAP search operation further includes:
determining that the identified first entry satisfies the one or more search criteria; and
determining that the second entry satisfies the one or more search criteria.
10. The system of claim 8 , wherein the LDAP search operation includes a search scope, and wherein executing the LDAP search operation further includes:
determining that the identified first entry falls within the search scope; and
determining that the second entry falls within the search scope.
11. The system of claim 8 , wherein the LDAP search operation further includes a search scope, and wherein executing the LDAP search operation further includes determining that the third entry falls within the search scope.
12. The system of claim 8 , wherein executing the LDAP search operation further includes determining, for each entry that falls within a search scope received with the LDAP search operation, a set of distinguished names that are associated with one or more values of the attribute.
13. A method for processing a lightweight directory access protocol (LDAP) operation, the method comprising:
receiving a request to execute a lightweight directory access protocol (LDAP) search operation and a LDAP request control, wherein the LDAP request control identifies an attribute associated with an entry of an LDAP directory;
in response to receiving the LDAP request control, executing, using the LDAP request control, the LDAP search operation to locate one or more entries in one or more LDAP directories, wherein executing the LDAP search operation includes:
responsive to the LDAP search operation, identifying a first entry of a first LDAP directory;
determining that the identified first entry includes a first attribute that matches the attribute identified by the LDAP request control, wherein the first attribute identifies a second entry of a second LDAP directory; and
identifying that the second entry has a second attribute, wherein the second attribute matches the attribute indicated by the LDAP request control, and wherein the second attribute identifies a third entry of a third LDAP directory; and
sending a search result for execution of the LDAP search operation, wherein the search result includes data retrieved from the identified first entry, the second entry, and the third entry, and wherein the second entry was identified by the first attribute of the identified first entry.
14. The method of claim 13 , wherein the LDAP search operation includes one or more search criteria, and wherein executing the LDAP search operation further includes:
determining that the identified first entry satisfies the one or more search criteria; and
determining that the second entry satisfies the one or more search criteria.
15. The method of claim 13 , wherein the LDAP search operation includes a search scope, and wherein executing the LDAP search operation further includes:
determining that the identified first entry falls within the search scope; and
determining that the second entry falls within the search scope.
16. The method of claim 13 , wherein the LDAP search operation includes a search scope, and wherein executing the LDAP search operation further includes determining that the third entry falls within the search scope.
17. The method of claim 13 , wherein executing the LDAP search operation further includes determining, for each entry that falls within a search scope, a set of distinguished names that are associated with one or more values of the attribute.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.